Sunday, 12 July 2015

Changing Oracle Identity Manager(11g R2PS2) Administrator Password

To change the xelsysadm password in your environment, follow these steps.

Step 1:
First, change the xelsysadm password in the Identity Self Service console.

    1. Log in to the Identity Self Service console as an admin user (xelsysadm).
    2. Under My Profile, click My Information.
    3. A page is displayed with the Changing Password section.
    4. Under Changing Password, specify values for the following fields:

       Old Password: Enter the existing password.
       New Password: Enter the new password.
       Confirm New Password: Re-enter the new password.

If the Changing Password section is not in My Information, follow these steps instead.

    1. Log in to the Identity Self Service console as an admin user.
    2. Click Users under Administration.
    3. Search for the xelsysadm user.
    4. Click System Administrator.
    5. Click Reset Password.
    6. Select Manually Change the Password.

       New Password: Enter the new password.
       Confirm New Password: Re-enter the new password.

    7. Click the Reset Password tab.

Note: If the new password complies with the password policy, the password is changed. Otherwise, an error message is displayed.

Step 2:

Change the xelsysadm password in the EM Console.

1. Under farm_base_domain, click WebLogic Domain.
2. Click your base_domain.
3. This opens base_domain in the main window. From the WebLogic Domain drop-down in the top left-hand corner, select Security, then select Credentials.
4. This opens the Credential Store Provider window. Open the credential called "oracle.wsm.security" and select the entry for OIMAdmin. Use the Edit option to open the editor window; the Edit Key dialog should pop up. Change the password here.

Note: A restart of the servers is required after changing the password.

Friday, 20 February 2015

Add Custom Attribute(LOOKUP FIELD) On UI In OIM11GR2PS2

       
1. Log in to the System Admin console, then create and activate a new sandbox.

2. Under System Entities, click User. The Manage User page opens.

3. Click the Create icon, then select the field type LOOKUP.

4. Create a new field named Branch and mark it as searchable.

5. Click Lookup, then search for and select your lookup type.

6. Also mark it as Searchable Picklist. Save and close.

Note: If you don't mark it as Searchable Picklist, it will not be created as a lookup field.

Note: This completes creating a UDF on the user form. Next, we add the UDF to the Create User form.

7. Go to the Manage Sandbox page and publish the sandbox.

8. Log in to the Identity Self Service console, then create and activate a sandbox.

9. Click User under Administration.

10. Click the Create icon to open the Create User form, and enter values for the mandatory fields.

11. Click Customize, then click View and then Source. The customization screen opens.

12. Select the area where you want to add the custom field and click Edit.

13. Highlight panelFormLayout, click Add Content, and select Data Component – Catalog.

14. Select userVO.

15. Find the Branch attribute, click Add, select ADF Input Text w/ Label, and click Close.

16. The Branch attribute is now added to the User form.

17. Close the Customization Editor.

18. Publish the sandbox.

Sunday, 11 January 2015

Create Users Using OIM API

1. Ultimate Control Over Identity:
Oracle Identity Manager (OIM) 11g provides complete life cycle management of user identities. Identity life cycle management includes the creation, modification and deletion of user access to provisioned resources. OIM 11g provides a range of options for customization. One of the most powerful and flexible ways to extend a solution is through the Application Programming Interface. OIM 11g provides a Java API that can be used to interface with multiple aspects of identity life cycle management.

1.2. Using API:
Oracle provides a network-aware, Java-based application programming interface (API) that exposes Services, called Utility in earlier releases, available in Oracle Identity Manager. This API is based on Plain Old Java Objects (POJO) and takes care of all the plumbing required to interact with Oracle Identity Manager. This API can be used for building clients for Oracle Identity Manager and for integrating third-party products with the Oracle Identity Manager platform.

1.3. Oracle Identity Manager Services:
The Oracle Identity Manager API provides access to services available in Oracle Identity Manager.

1.3.1. Commonly Used Services:
Service Name: Description
UserManager: Provides operations for user management, such as create, search, modify, and delete users.
RequestService: Provides operations to submit, withdraw, close, and search requests.
RoleManager: Provides operations for role management such as create, search, modify, and delete roles. In addition, this service provides operations for management of role members and relationships between roles.
OrganizationManager: Provides operations for organization management such as create, search, modify, delete, enable, and disable organizations.

1.3.1.1. User Management:
The OIM 11g Java APIs support searching, creating, reading, updating and deleting of Users. This procedure will cover how to use the OIM 11g Java APIs to perform these operations.

Getting Started with Creating Users:
OIM 11g leverages a new Java API. The previous API (Thor) is still available, but it is recommended that new projects use the OIM 11g Client API.
Create a folder to hold the required OIM files and the sample source files for the client you want to develop. This procedure uses a folder called oimlib.

Required Server Files:
You will need to obtain the following file from the OIM 11g server.
a. oimclient.zip: Copy this zip file from F:\RMW\Middleware\Oracle_IDM1\server\client on the OIM 11g server into the oimlib folder. Extract the zip file and copy the conf and lib directories outside the oimclient folder.
The lib subdirectory contains the following jar files required by the OIM 11g API:
·        commons-logging.jar
·        eclipselink.jar
·        jrf-api.jar
·        oimclient.jar
·        spring.jar
·        wlfullclient.jar

1.4. Source code:

Using OIMClient:
OIMClient is the entry point for accessing the services available in Oracle Identity Manager.
·         Create an instance of OIMClient with the environment information required to connect to the Oracle Identity Manager application, as shown below:

Hashtable env = new Hashtable();
env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
// t3 URL of the OIM server, in the same form as the full example below
env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://OIM_HOSTNAME:OIM_PORT");

OIMClient oimClient = new OIMClient(env);

·         Get a UserManager object via the OIMClient.getService(UserManager.class) method.

Creating a User in OIM:
a. Gets the UserManager.
b. Creates a HashMap, to hold attributes.
c. Adds attributes (name/value) to the HashMap.
d. Creates a User object and adds the HashMap of attributes.
e. Calls the UserManager create() method to create the new user.
f. A UserManagerResult object is returned. It is evaluated.

Example of User Creation:

package com.rakesh.boss;

import java.util.Hashtable;

import oracle.iam.identity.exception.UserAlreadyExistsException;
import oracle.iam.identity.exception.UserCreateException;
import oracle.iam.identity.exception.ValidationFailedException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.identity.usermgmt.vo.UserManagerResult;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.Platform;
import oracle.iam.platform.authz.exception.AccessDeniedException;

public class Oimapi {

    // Sample connection values for this environment; replace them with your own.
    // The credentials are hard-coded for demonstration only: a real client should
    // read the administrator password from a protected store, not from source code.
    private static String OIMUserName = "xelsysadm";
    private static String OIMPassword = "Welcome1";
    private static String OIMURL = "t3://Sham-PC:14000";
    private static String OIMInitialContextFactory = "weblogic.jndi.WLInitialContextFactory";

    public Oimapi() {
        super();
    }

    // OIM client initialization: builds the JNDI environment and logs in.
    // Returns null if the login fails.
    public static OIMClient loginWithCustomEnv() {
        Hashtable env = new Hashtable();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, OIMInitialContextFactory);
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIMURL);
        // These properties must be set as system properties before login.
        System.setProperty("OIM.AppServerType", "wls");
        System.setProperty("APPSERVER_TYPE", "wls");
        System.setProperty("java.security.auth.login.config", "F:\\oimlib\\oimclient\\conf\\authwl.conf");
        OIMClient client = null;
        try {
            client = new OIMClient(env);
            System.out.println("Initiating Oim Client");
            client.login(OIMUserName, OIMPassword.toCharArray());
            System.out.println("got OIm client successfully");
            System.out.println("Client - " + client);
        } catch (Exception e) {
            System.out.println("Error: " + e);
            client = null;
        }
        return client;
    }

    // Returns the UserManager service from the logged-in client, or from the
    // Platform when no client could be obtained.
    public static UserManager getService() {
        UserManager tcUM = null;
        OIMClient client = loginWithCustomEnv();
        System.out.println("getService() -Client - " + client);
        if (client != null) {
            tcUM = client.getService(UserManager.class);
            System.out.println(" if (client != null) " + tcUM);
        } else {
            tcUM = Platform.getService(UserManager.class);
            System.out.println(" else = null) " + tcUM);
        }
        return tcUM;
    }

    // Create an OIM user whose login, first name and last name are all userLogin.
    public void createUser(String userLogin)
            throws ValidationFailedException, AccessDeniedException,
                   UserAlreadyExistsException, UserCreateException {
        UserManager tcUM = getService();
        long orgKey = 1; // key of the organization the user is created in
        User user = new User("");
        user.setAttribute("User Login", userLogin);
        user.setAttribute("First Name", userLogin);
        user.setAttribute("Last Name", userLogin);
        // Fixed sample password: every user created this way shares it.
        user.setAttribute("usr_password", "Welcome1");
        user.setAttribute("act_key", orgKey);
        user.setAttribute("Xellerate Type", "End-User");
        user.setAttribute("Role", "Full-Time");
        System.out.println(user.getAttributes());
        try {
            UserManagerResult result = tcUM.create(user);
            System.out.println(user + "User Sucessfully got Created");
        } catch (Exception e) {
            System.out.print(e);
        }
    }

    // Entry point: getService() performs the login, so main only creates the user.
    public static void main(String args[]) {
        Oimapi rObj = new Oimapi();
        try {
            rObj.createUser("testUser4");
        } catch (ValidationFailedException e) {
            System.out.println(e);
        } catch (UserAlreadyExistsException e) {
            System.out.println(e);
        } catch (UserCreateException e) {
            System.out.println(e);
        }
    }
}
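A variant of the login and create steps that keeps secrets out of the source, as an added example that is not part of the original post: the xelsysadm password is read from the console and wiped after login, and each new user gets a random initial password instead of a shared fixed value. The class name SafeOimCreate, the OIM_URL environment variable, the alphabet and the 16-character length are assumptions; the OIM calls are those used in the post's example, plus OIMClient.logout() and UserManagerResult.getStatus().

```java
import java.io.Console;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Hashtable;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;

public class SafeOimCreate { // hypothetical class name
    // Assumed alphabet: look-alike characters (0/O, 1/l/I) are left out.
    private static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";

    // Random initial password, regenerated until it has upper case, lower case and a digit.
    static String randomPassword(int length) {
        SecureRandom rng = new SecureRandom();
        String p;
        do {
            StringBuilder sb = new StringBuilder(length);
            for (int i = 0; i < length; i++) sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
            p = sb.toString();
        } while (!p.matches("(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).*"));
        return p;
    }

    public static void main(String[] args) throws Exception {
        String url = System.getenv("OIM_URL"); // assumed variable, e.g. t3://OIM_HOSTNAME:OIM_PORT
        Console console = System.console();    // null when no interactive terminal is attached
        if (url == null || console == null || args.length != 1)
            throw new IllegalStateException("set OIM_URL, run from a terminal, pass one user login");
        Hashtable env = new Hashtable(); // raw type, as in the post
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, url);
        // Pass java.security.auth.login.config and APPSERVER_TYPE as -D options at launch.
        OIMClient client = new OIMClient(env);
        char[] adminPassword = console.readPassword("xelsysadm password: ");
        try {
            client.login("xelsysadm", adminPassword);
        } finally {
            Arrays.fill(adminPassword, '\0'); // wipe the secret once login has used it
        }
        try {
            User user = new User("");
            for (String a : new String[] {"User Login", "First Name", "Last Name"}) user.setAttribute(a, args[0]);
            user.setAttribute("usr_password", randomPassword(16));
            user.setAttribute("act_key", 1L);
            user.setAttribute("Xellerate Type", "End-User");
            user.setAttribute("Role", "Full-Time");
            System.out.println("Create status: " + client.getService(UserManager.class).create(user).getStatus());
        } finally {
            client.logout(); // end the session even if create() throws
        }
    }
}
```

The generated password is never printed or logged, so the new user has to receive it or set their own through whatever reset or notification process the deployment uses.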



